示例#1
0
文件: views.py 项目: j-barron/zamboni
def _mini_manifest(addon, version_id, token=None):
    if not addon.is_packaged:
        raise http.Http404

    version = get_object_or_404(addon.versions, pk=version_id)
    file_ = version.all_files[0]
    manifest = addon.get_manifest_json(file_)

    package_path = absolutify(
        reverse('reviewers.signed', args=[addon.app_slug, version.id]))

    if token:
        # Generate a fresh token.
        token = Token(data={'app_id': addon.id})
        token.save()
        package_path = urlparams(package_path, token=token.token)

    data = {
        'name': manifest['name'],
        'version': version.version,
        'size': file_.size,
        'release_notes': version.releasenotes,
        'package_path': package_path,
    }
    for key in ['developer', 'icons', 'locales']:
        if key in manifest:
            data[key] = manifest[key]

    return json.dumps(data, cls=JSONEncoder)
示例#2
0
def redirect(request, viewer, key):
    new = Token(data=[viewer.file.id, key])
    new.save()
    url = urljoin(settings.STATIC_URL,
                  reverse('mkt.files.serve', args=[viewer, key]))
    url = urlparams(url, token=new.token)
    return http.HttpResponseRedirect(url)
示例#3
0
文件: views.py 项目: petercpg/zamboni
def _mini_manifest(addon, version_id, token=None):
    if not addon.is_packaged:
        raise http.Http404

    version = get_object_or_404(addon.versions, pk=version_id)
    file_ = version.all_files[0]
    manifest = addon.get_manifest_json(file_)

    package_path = absolutify(
        reverse('reviewers.signed', args=[addon.app_slug, version.id]))

    if token:
        # Generate a fresh token.
        token = Token(data={'app_id': addon.id})
        token.save()
        package_path = urlparams(package_path, token=token.token)

    data = {
        'name': manifest['name'],
        'version': version.version,
        'size': file_.size,
        'release_notes': version.releasenotes,
        'package_path': package_path,
    }
    for key in ['developer', 'icons', 'locales']:
        if key in manifest:
            data[key] = manifest[key]

    return json.dumps(data, cls=JSONEncoder)
示例#4
0
def redirect(request, viewer, key):
    new = Token(data=[viewer.file.id, key])
    new.save()
    url = urljoin(settings.STATIC_URL,
                  reverse('mkt.files.serve', args=[viewer, key]))
    url = urlparams(url, token=new.token)
    return http.HttpResponseRedirect(url)
示例#5
0
文件: views.py 项目: j-barron/zamboni
    def post(self, request, pk, *args, **kwargs):
        app = self.get_object()
        token = Token(data={'app_id': app.id})
        token.save()

        log.info('Generated token on app:%s for user:%s' %
                 (app.id, request.user.id))

        return Response({'token': token.token})
示例#6
0
文件: views.py 项目: petercpg/zamboni
    def post(self, request, pk, *args, **kwargs):
        app = self.get_object()
        token = Token(data={'app_id': app.id})
        token.save()

        log.info('Generated token on app:%s for user:%s' % (
            app.id, request.amo_user.id))

        return Response({'token': token.token})
示例#7
0
文件: views.py 项目: j-barron/zamboni
    def wrapper(request, addon, *args, **kw):
        # If there is a 'token' in request.GET we either return 200 or 403.
        # Otherwise we treat it like a normal django view and redirect to a
        # login page or check for Apps:Review permissions.
        allowed = False
        token = request.GET.get('token')

        if token and Token.pop(token, data={'app_id': addon.id}):
            log.info('Token for app:%s was successfully used' % addon.id)
            allowed = True
        elif not token and not request.user.is_authenticated():
            return redirect_for_login(request)
        elif acl.action_allowed(request, 'Apps', 'Review'):
            allowed = True

        if allowed:
            if token:
                log.info('Token provided for app:%s and all was happy' %
                         addon.id)
            else:
                log.info('Apps:Review (no token) all happy for app:%s' %
                         addon.id)
            return f(request, addon, *args, **kw)
        else:
            if token:
                log.info('Token provided for app:%s but was not valid' %
                         addon.id)
            else:
                log.info('Apps:Review permissions not met for app:%s' %
                         addon.id)
            raise PermissionDenied
示例#8
0
文件: views.py 项目: petercpg/zamboni
    def wrapper(request, addon, *args, **kw):
        # If there is a 'token' in request.GET we either return 200 or 403.
        # Otherwise we treat it like a normal django view and redirect to a
        # login page or check for Apps:Review permissions.
        allowed = False
        token = request.GET.get('token')

        if token and Token.pop(token, data={'app_id': addon.id}):
            log.info('Token for app:%s was successfully used' % addon.id)
            allowed = True
        elif not token and not request.user.is_authenticated():
            return redirect_for_login(request)
        elif acl.action_allowed(request, 'Apps', 'Review'):
            allowed = True

        if allowed:
            if token:
                log.info('Token provided for app:%s and all was happy'
                         % addon.id)
            else:
                log.info('Apps:Review (no token) all happy for app:%s'
                         % addon.id)
            return f(request, addon, *args, **kw)
        else:
            if token:
                log.info('Token provided for app:%s but was not valid'
                         % addon.id)
            else:
                log.info('Apps:Review permissions not met for app:%s'
                         % addon.id)
            raise PermissionDenied
示例#9
0
    def test_token(self):
        self.grant_permission(self.user, 'Apps:Review')
        res = self.client.post(self.url)
        eq_(res.status_code, 200, res.content)
        data = json.loads(res.content)
        assert 'token' in data

        # Check data in token.
        assert Token.valid(data['token'], data={'app_id': self.app.id})
示例#10
0
    def test_token(self):
        self.grant_permission(self.user, 'Apps:Review')
        res = self.client.post(self.url)
        eq_(res.status_code, 200, res.content)
        data = json.loads(res.content)
        assert 'token' in data

        # Check data in token.
        assert Token.valid(data['token'], data={'app_id': self.app.id})
示例#11
0
    def test_token(self):
        self.grant_permission(self.user, "Apps:Review")
        res = self.client.post(self.url)
        eq_(res.status_code, 200, res.content)
        data = json.loads(res.content)
        assert "token" in data

        # Check data in token.
        assert Token.valid(data["token"], data={"app_id": self.app.id})
示例#12
0
 def wrapper(request, file_id, key, *args, **kw):
     viewer = FileViewer(get_object_or_404(File, pk=file_id))
     token = request.GET.get('token')
     if not token:
         log.error('Denying access to %s, no token.' % viewer.file.id)
         raise PermissionDenied
     if not Token.valid(token, [viewer.file.id, key]):
         log.error('Denying access to %s, token invalid.' % viewer.file.id)
         raise PermissionDenied
     return func(request, viewer, key, *args, **kw)
示例#13
0
def redirect(request, viewer, key):
    new = Token(data=[viewer.file.id, key])
    new.save()
    url = reverse('files.serve', args=[viewer, key])
    url = urlparams(url, token=new.token)
    return http.HttpResponseRedirect(url)
示例#14
0
def redirect(request, viewer, key):
    new = Token(data=[viewer.file.id, key])
    new.save()
    url = reverse('files.serve', args=[viewer, key])
    url = urlparams(url, token=new.token)
    return http.HttpResponseRedirect(url)